
CVE-2024-2324 – FileOrganizer and FileOrganizer Pro <= 1.0.6 - Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-2324
23 Apr 2024 — The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg file upload in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. For the free version, this is limited to administrators. The pro version is also vulnerable and exploitable by adm... • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3069064%40fileorganizer%2Ftrunk&old=3010587%40fileorganizer%2Ftrunk • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-2504 – Page Builder: Pagelayer – Drag and Drop website builder <= 1.8.4 - Authenticated(Contributor+) Stored Cross-Site Scripting via custom attributes
https://notcve.org/view.php?id=CVE-2024-2504
21 Mar 2024 — The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'attr' parameter in all versions up to, and including, 1.8.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://plugins.trac.wordpress.org/browser/pagelayer/trunk/main/functions.php?rev=3045444#L1207 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-2294 – Backuply – Backup, Restore, Migrate and Clone <= 1.2.7 - Authenticated (Admin+) Directory Traversal
https://notcve.org/view.php?id=CVE-2024-2294
15 Mar 2024 — The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.7 via the backup_name parameter in the backuply_download_backup function. This makes it possible for attackers with an account that has only the activate_plugins capability to access arbitrary files on the server, which can contain sensitive information. This only impacts sites hosted on Windows servers. • https://plugins.trac.wordpress.org/browser/backuply/trunk/functions.php#L1615 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2024-2127 – Page Builder: Pagelayer – Drag and Drop website builder <= 1.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes
https://notcve.org/view.php?id=CVE-2024-2127
07 Mar 2024 — The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom attributes in all versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3045444%40pagelayer&new=3045444%40pagelayer&sfp_email=&sfph_mail= • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-1590 – Page Builder: Pagelayer – Drag and Drop website builder <= 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button
https://notcve.org/view.php?id=CVE-2024-1590
22 Feb 2024 — The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Widget in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3039750%40pagelayer&new=3039750%40pagelayer&sfp_email=&sfph_mail= • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-0842 – Backuply - Backup, Restore, Migrate and Clone <= 1.2.6 - Denial of Service
https://notcve.org/view.php?id=CVE-2024-0842
08 Feb 2024 — The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.5. This is due to direct access of the backuply/restore_ins.php file and. This makes it possible for unauthenticated attackers to make excessive requests that result in the server running out of resources. • https://plugins.trac.wordpress.org/changeset/3033242/backuply/trunk/restore_ins.php • CWE-400: Uncontrolled Resource Consumption • CWE-834: Excessive Iteration •

CVE-2024-1189 – AMPPS Encryption Passphrase denial of service
https://notcve.org/view.php?id=CVE-2024-1189
02 Feb 2024 — A vulnerability has been found in AMPPS 2.7 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Encryption Passphrase Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://fitoxs.com/vuldb/15-exploit-perl.txt • CWE-404: Improper Resource Shutdown or Release •

CVE-2024-0697 – Backuply – Backup, Restore, Migrate and Clone <= 1.2.3 - Authenticated (Administrator+) Directory Traversal
https://notcve.org/view.php?id=CVE-2024-0697
26 Jan 2024 — The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.3 via the node_id parameter in the backuply_get_jstree function. This makes it possible for attackers with administrator privileges or higher to read the contents of arbitrary files on the server, which can contain sensitive information. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026806%40backuply&new=3026806%40backuply&sfp_email=&sfph_mail= • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2023-6598 – SpeedyCache <= 1.1.3 - Missing Authorization to Plugin Options Update
https://notcve.org/view.php?id=CVE-2023-6598
16 Dec 2023 — The SpeedyCache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the speedycache_save_varniship, speedycache_img_update_settings, speedycache_preloading_add_settings, and speedycache_preloading_delete_resource functions in all versions up to, and including, 1.1.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to update plugin options. • https://plugins.trac.wordpress.org/changeset/3010577/speedycache • CWE-862: Missing Authorization •

CVE-2023-49746 – WordPress SpeedyCache Plugin <= 1.1.2 is vulnerable to Server Side Request Forgery (SSRF)
https://notcve.org/view.php?id=CVE-2023-49746
04 Dec 2023 — Server-Side Request Forgery (SSRF) vulnerability in Softaculous Team SpeedyCache – Cache, Optimization, Performance. This issue affects SpeedyCache – Cache, Optimization, Performance: from n/a through 1.1.2. The SpeedyCache – Cache, Optimization, Performance plugin for WordPress is vulnerable to S... • https://patchstack.com/database/vulnerability/speedycache/wordpress-speedycache-plugin-1-1-2-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •